Debian Package Tracker

general

source: spice-gtk (main)
version: 0.35-2
maintainer: Liang Guo [DMD]
arch: any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 0.25-1
old-sec: 0.25-1+deb8u1
stable: 0.33-3.3+deb9u1
testing: 0.35-2
unstable: 0.35-2

versioned links

0.25-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.25-1+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.33-3.3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.35-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-spiceclientglib-2.0
gir1.2-spiceclientgtk-3.0
libspice-client-glib-2.0-8
libspice-client-glib-2.0-dev
libspice-client-gtk-3.0-5
libspice-client-gtk-3.0-dev
spice-client-glib-usb-acl-helper
spice-client-gtk

action needed

A new upstream version is available: 0.36 high

A new upstream version 0.36 is available, you should consider packaging it.

Created: 2019-01-18 Last update: 2019-04-25 23:34

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Please fix it.

Created: 2018-03-15 Last update: 2019-04-22 01:46

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.35-3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit b0b1419157f2ff723f98ace1cc2daa45dae3dc92
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 09:35:52 2018 +0200

    d/control: Remove trailing whitespaces

commit c5a1e76c9b8be34b1a6943526ce6591206b0a6a2
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 09:35:51 2018 +0200

    d/changelog: Remove trailing whitespaces

commit 7f194fdbfc23d848f5c60b5f68fed142e7835438
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 09:35:50 2018 +0200

    d/copyright: Change Format URL to correct one

Created: 2018-10-01 Last update: 2019-04-26 04:35

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-04-26 04:05

Depends on packages which need a new maintainer normal

The packages that spice-gtk depends on which need a new maintainer are:

usbredir (#911431)
- Build-Depends: libusbredirhost-dev
- Depends: libusbredirhost1 libusbredirparser1 libusbredirhost1 libusbredirparser1
spice-protocol (#911429)
- Build-Depends: libspice-protocol-dev
- Depends: libspice-protocol-dev

Created: 2018-10-20 Last update: 2019-04-26 02:36

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

libspice-client-glib-2.0-dev could be marked Multi-Arch: same
libspice-client-gtk-3.0-dev could be marked Multi-Arch: same

Created: 2018-09-09 Last update: 2019-04-25 23:45

RFA: The maintainer wants to pass over package maintainance. normal

The current maintainer is looking for someone who can take over maintenance of this package. If you are interested in this package, please consider taking it over. Alternatively you may want to be co-maintainer in order to help the actual maintainer. Please see bug number #911428 for more information.

Created: 2018-10-20 Last update: 2018-10-20 03:32

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Please fix it.

Created: 2018-03-15 Last update: 2019-04-22 01:46

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.

Please fix them.

Created: 2018-03-15 Last update: 2019-04-22 01:46

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.

Please fix them.

Created: 2018-03-15 Last update: 2019-04-22 01:46

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2018-09-05 13:50

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2018-12-23 17:14

news

[rss feed]

[2018-10-27] Accepted spice-gtk 0.33-3.3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2018-09-13] spice-gtk 0.35-2 MIGRATED to testing (Debian testing watch)
[2018-09-08] Accepted spice-gtk 0.35-2 (source amd64) into unstable (Laurent Bigonville)
[2018-09-05] Accepted spice-gtk 0.35-1 (source amd64) into unstable (Laurent Bigonville)
[2018-09-05] spice-gtk 0.34-1.2 MIGRATED to testing (Debian testing watch)
[2018-08-31] Accepted spice-gtk 0.25-1+deb8u1 (source amd64) into oldstable (Mike Gabriel)
[2018-08-30] Accepted spice-gtk 0.34-1.2 (source amd64) into unstable (Jeremy Bicha) (signed by: Laurent Bigonville)
[2017-09-05] spice-gtk 0.34-1.1 MIGRATED to testing (Debian testing watch)
[2017-08-31] Accepted spice-gtk 0.34-1.1 (source amd64) into unstable (Laurent Bigonville)
[2017-08-28] Accepted spice-gtk 0.34-1 (source amd64) into unstable, unstable (Liang Guo)
[2017-01-25] spice-gtk 0.33-3.3 MIGRATED to testing (Debian testing watch)
[2017-01-14] Accepted spice-gtk 0.33-3.3 (source) into unstable (intrigeri)
[2016-12-30] Accepted spice-gtk 0.33-3.2 (source) into unstable (intrigeri)
[2016-12-15] Accepted spice-gtk 0.33-3.1 (source) into unstable (Andrey Rahmatullin)
[2016-10-30] spice-gtk 0.33-3 MIGRATED to testing (Debian testing watch)
[2016-10-25] Accepted spice-gtk 0.33-3 (source amd64) into unstable (Liang Guo)
[2016-10-24] Accepted spice-gtk 0.33-2 (source amd64) into unstable (Liang Guo)
[2016-10-19] spice-gtk 0.33-1 MIGRATED to testing (Debian testing watch)
[2016-10-13] Accepted spice-gtk 0.33-1 (source amd64) into unstable (Liang Guo)
[2016-08-03] spice-gtk 0.32-1 MIGRATED to testing (Debian testing watch)
[2016-07-28] Accepted spice-gtk 0.32-1 (source amd64) into unstable, unstable (Liang Guo)
[2016-01-05] spice-gtk 0.30-1 MIGRATED to testing (Debian testing watch)
[2015-12-25] Accepted spice-gtk 0.30-1 (source amd64) into unstable (Liang Guo)
[2015-09-03] spice-gtk 0.29-1 MIGRATED to testing (Britney)
[2015-08-29] Accepted spice-gtk 0.29-1 (source amd64) into unstable (Liang Guo)
[2015-08-25] Accepted spice-gtk 0.28-1.1 (source amd64) into unstable (Laurent Bigonville)
[2015-06-23] Accepted spice-gtk 0.28-1 (source amd64) into unstable, unstable (Liang Guo)
[2014-11-12] Accepted spice-gtk 0.26-2 (source amd64) into experimental (Liang Guo)
[2014-11-11] Accepted spice-gtk 0.26-1 (source amd64) into experimental (Liang Guo)
[2014-07-10] spice-gtk 0.25-1 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 7
RC: 0
I&N: 5
M&W: 2
F&P: 0
patch: 1

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.35-2
3 bugs